I read your links and I understand possible DoS and other issues but to repeat Alexandre's idea, why is there no error message for file that are too large to notify the admin so they can adjust clamd.conf or other action. Right now this infected file passes through like if it was not infected which would be dangerous under certain conditions. IMHO this file shouldn't pass through clamav without any error message.
Frank >On Fri, 19 Sep 2008 10:51:52 -0300 >"Alexandre Biancalana" <[EMAIL PROTECTED]> wrote: > >> Right ! This is detect now, but the correct behavior would not be >> display a error message like "File too big, not scanned!" ?? > >Some discussions on this topic: > >http://lurker.clamav.net/message/20080129.163022.5183157e.en.html >http://lurker.clamav.net/message/20080313.165458.ac80f65a.en.html > >-- > oo ..... Tomasz Kojm <[EMAIL PROTECTED]> > (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg > \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B > //\ /\ Fri Sep 19 15:57:33 CEST 2008 >_______________________________________________ >Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >http://www.clamav.net/support/ml _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
